Jump to content

Monitor My Wifi For Unauthorized Users?

NegativeSpace

By NegativeSpace
in Security

 Share

Recommended Posts

NegativeSpace Newbie

NegativeSpace

Posted
Posted

I want to get some software (for Windows) that I can use to monitor how many, and which machines are connected to my wifi network. I don't recall having ever heard anything about such a kind of software. Where can something like that be found (preferably with a GUI)?

Link to comment
Share on other sites
twist Newbie

twist

Posted
Posted

You could possibly use WireShark to look for dhcp requests and other communications with your router, I don't know of any windows software that does this automagically. I remember that bt4 and some previous versions have a scanner suit called Autoscan that does this.

Good luck :)

Link to comment
Share on other sites
meh Newbie

meh

Posted
Posted

Certain routers for personal use show hostnames of computers on your local network. My Linksys WRT54GS shows both locally connected clients and what ports they are using and Public IPs they are connecting to.

Link to comment
Share on other sites
NegativeSpace Newbie

NegativeSpace

Posted
  • Author
Posted
I like that. I think I'll try it. Thanks

I tried this Auto Scan, but I can't get it to work. It seems to have a lot of bugs. The first installation was corrupt, the second worked, but the network wizard crashes and the tool can't be used, as far as I know, without first using the network wizard. Next.....

Link to comment
Share on other sites
Charles Newbie

Charles

Posted
Posted
Ok open up the command prompt and type net view now you can see all the people on your network also just go to networking where you can view them there aswell

Nice find. The only downside is that it only works on the current workgroup/domain unless you specify otherwise.

I wonder how that would work if someone is in a different workgroup, since they wouldn't show up by default and you cannot exactly play "guess the name of the workgroup" that a rogue machine might be using.

You could probably run a network scanner to list the machines on the network as well. I know I use NetScan for simple scanning, since it runs off of USB, but it is no where near as good as Nmap.

Link to comment
Share on other sites
NegativeSpace Newbie

NegativeSpace

Posted
  • Author
Posted

I've been able to get Cain working, but I have no idea how to use it yet. I guess I will just turn off my firewall and start trying things out. Last night right, five minutes after I installed Cain, I found a vulnerability by accident. I'm not even sure what I did, but Cain told me a password that was stored with Credential Manager, which is the password storage thing for Gmail notifier. I'm not sure what to do about that. Any ideas?

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

I hear you can do Snort+OpenWRT on the router and set up IDS directly in the router, but that depends on your routers firmware and if its capable of running OpenWRT firmware.

Link to comment
Share on other sites
barry99705 Veteran

barry99705

Posted
Posted
I tried this Auto Scan, but I can't get it to work. It seems to have a lot of bugs. The first installation was corrupt, the second worked, but the network wizard crashes and the tool can't be used, as far as I know, without first using the network wizard. Next.....

That's weird, I use it all the time. Works in linux(comes in BackTrack) and on my MacBook Pro.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)

Have you tried using net stumbler for scanning your network? I know its no longer being supported but seemed to do its job.

Alternatively, if you wireless router supports mac filtering, you could deny any computer from connecting to it and only allow computers that have been specified in the allowed list.

This should stop less IT Savvy users from connecting to your wireless.

Edited by Infiltrator
Link to comment
Share on other sites
Th0m@s Newbie

Th0m@s

Posted
Posted

Hi, you are looking for the tool called Wi-Fi Defense. Look for more information on http://www.windowsusers.org/wifi_defense.html The original site (OTO) seems down, but the program is still widely available...

Once Wi-Fi defense is installed it scans your network and presents to you a list of devices (computers) and ask you if they are Friend, Foe, or Unknown. It gives you their IP address, MAC address, Net Name, and manufacturer. From that information you can figure out if they are Friend or Foe to allow them on the network. If Unknown you certainly don t want them. If someone need tries to piggy-back onto your signal a pop-up window will alert you and ask you if they are Friend, Foe, or Unknown. It worked on both my 802.11g and b cards. If you find in the future you want to change the classification of visitor (you were mistaken, or they just ticked you off) you can edit the visitor or delete them from the list.

Clicking on Wireless Security gives you options for Notification, that will have it tell you when someone new is scanned on the network. The Security tab lets you enable router security. Wi-Fi Defense is truly just a scanning programwhich will tell you when someone is accessing your network, until you enable the router security. I change my setting for my main computerWi-Fi defense options menu from friend to foe. It only change the color setting but, did not kick it off. If you are using a wireless access point in conjunction with a router (two separate pieces of equipment), make sure you put the address of your access point into the Access Point Address field on the Network tab. Once security is enabled if you need to add new visitors (friends) then you can click on Add Friend To Network wizard.

You can run reports on visitors to see when they came on and how long they were there. Network report shows the MAC address, when they were first there and the amount of time on the network. Visitors will be listed in one of two groups, either Connected or Not Connected. The Vulnerability Report shows a chart of how many hours each day a foe was detected on your network in the time period you select.

Greetings. T00Lm@n

Link to comment
Share on other sites
Burning Aces Newbie

Burning Aces

Posted
Posted (edited)

you realise you could just use nmap..or depending on your router, you can login to it with a script and request the dhcp table every * minutes, or as i said just use nmap -sP [subnet ending with a * so it scans whole subnet]

edit: or just look at the arp table..

Edited by Burning Aces
Link to comment
Share on other sites
barry99705 Veteran

barry99705

Posted
Posted
Have you tried using net stumbler for scanning your network? I know its no longer being supported but seemed to do its job.

Alternatively, if you wireless router supports mac filtering, you could deny any computer from connecting to it and only allow computers that have been specified in the allowed list.

This should stop less IT Savvy users from connecting to your wireless.

That's really not what netstumbler was created for, and it's still supported.

http://stumbler.net/index.php?m=201002

Mac filtering is useless, and provides the same false sense of security as a deadbolt on a screen door.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)
or as i said radius auth server

I think it would be the best choice to secure the wireless, adding a radius auth server in place. Just quoting what Burning Aces said above.

Edited by Infiltrator
Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)
That's really not what netstumbler was created for, and it's still supported.

http://stumbler.net/index.php?m=201002

Mac filtering is useless, and provides the same false sense of security as a deadbolt on a screen door.

Point made, I think in a scenario like this I would segment my network using a Vlan switch. I would connect any wireless device to Vlan1 for instance and the rest like servers to Vlan2.

That way if anyone manages to connect to the wireless, they will only be able to see the internet. Everything else, will be unreachable for them.

Or if you are really paranoid about wireless security, you could use a device like this one

http://netgear.com/Products/APsWirelessCon...ent/WC7520.aspx

Edited by Infiltrator
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...